From de196c2e87d0ffc343238af0a4fdb06055a09449 Mon Sep 17 00:00:00 2001
From: Oliver Bryan <04oliverbryan@gmail.com>
Date: Fri, 9 Jan 2026 04:34:24 +0000
Subject: [PATCH] improved password requirements

---
 packages/backend/src/routes/auth/register.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/routes/auth/register.ts b/packages/backend/src/routes/auth/register.ts
index c3c1d85..a36c8e1 100644
--- a/packages/backend/src/routes/auth/register.ts
+++ b/packages/backend/src/routes/auth/register.ts
@@ -31,8 +31,16 @@ export default async function register(req: BunRequest) {
         return new Response("username must be 1-32 characters", { status: 400 });
     }
 
-    if (password.length < 1) {
-        return new Response("password must be at least 1 character", { status: 400 });
+    if (password.length < 8) {
+        return new Response("password must be at least 8 characters", { status: 400 });
+    }
+
+    const hasUpperCase = /[A-Z]/.test(password);
+    const hasLowerCase = /[a-z]/.test(password);
+    const hasNumber = /[0-9]/.test(password);
+
+    if (!hasUpperCase || !hasLowerCase || !hasNumber) {
+        return new Response("password must contain uppercase, lowercase, and numbers", { status: 400 });
     }
 
     const existing = await getUserByUsername(username);